Angus Robertson

Which previous version did you successfully build under MacOs64? The announcement said MacOS and Win64, not MacOs64. Angus

ICS V8.63 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32, Win64 and MacOS targets. The distribution zip includes the latest OpenSSL 1.1.1d win32, with other versions of OpenSSL being available from the download page. 1 - IcsHosts is now supported in all the main ICS server components, TWSocketServer, TSslHttpServer, TSslHttpAppSrv, TIcsProxy, TIcsHttpProxy, TIcsIpStrmLog and TSslFtpServer. This simplifies server applications which do not need to setup an SSL context, can easily support multiple listeners and hosts, and can automatically order and install SSL/TLS certificates from Let's Encrypt and commercial suppliers. 2 - There are several changes relating to automatic certificate ordering, mostly cosmetic based on experience adding the feature into more applications with a few issues fixed during testing with better logging. 3 - Made improvements to handle the OAuth2 version used by Google Accounts, allowing the REST component to access Google APIs such as Gmail. 4 - Did a major refresh of the three SSL/TLS trusted root certificate bundles included with ICS, to add new roots from Amazon and others, and remove untrusted certificates. 5 - There are improvements in TFtpCli to access FTP servers behind NAT routers where the internal and external IP addresses are different and not correctly handled by the FTP server. 6 - The TSslFtpServer component now uses the IcsHosts concept added to the web and proxy servers two years ago, see above. There is a new IcsHosts property which allows multiple hosts to be specified. Also fixed ftpsNoPasvIpAddrInLan and ftpsNoPasvIpAddrSameSubnet options to work correctly to present local passive IP address on LANs. 7 - The TIcsIpStrmLog component will now start despite non-fatal SSL/TLS certificate warnings, and may be used with self signed certificates. The OverbyteIcsIpStmLogTst sample shows how to restart the TCP server after the first SSL/TLS certificate is automatically installed. More detailed release notes are at: http://wiki.overbyte.eu/wiki/index.php/ICS_V8.63 Angus

V8.63 was tested yesterday on RAD Studio 10.3 Rio Release 3 (aka 10.3.3) without any problems. Angus

Sorry, RSA-PSS key support is only partially implemented, it is shown as pending at the top of the unit. I spent a lot of time learning and implementing the Jose stuff, and started to code new keys types, but never got to test them properly since they are rarely used even 18 months later. In the end I have to move on and implement the Let's Encrypt stuff this was written for. Looking at the code, RSA-PSS keys are actually checked later in that function for jsigRsaPss256, or are you saying they can also be used with jsigRsa256? Angus

ICS contains dozens of units, only a few of which are updated for new releases. So many units have older versions. But units they depend on may be later and fix bugs in that unit. The overnight zip from SVN is the latest, V8.63 will be finally released later this week. Angus

If you want help with connection problems you need to give us real URLs, we can not waste time looking for code problems when the input or site is faulty. Your previous post was a perfect example. You should also test the site using the REST sample which has proper logging to show what is happening. It will probably work, and you can then check why your own code fails. Please don't post ICS source code here, we have it already. Angus

Not aware of any file download problems with the web server, my clients access thousands of files daily, for 10 years. I'll put this on the list to test, but it will take a while. Angus

Thanks, fixed, it also checked an older setting, which is why I missed it. Angus

Gmail still allows SMTP and POP3 access with basic authentication, provided you ignore all attempts by Google to set-up better security on the account, and accept the odd/regular email that your account is being used by a suspicious application. But once you have turned on 'better security' (forget it's real name) you can not turn it off, so have to set-up a new gmail account. The OAuth2 option is not too bad, you only need to authenticate with a Google login using a browser once and the refresh token provided remains valid until not used for six months, or when the account is changed. so you can get a new access token each time you send email without needing to authenticate again. Other OAuth2 implementations usually expire the refresh token within 24 hours. Angus

The install instructions are in readme8.txt in the ICS root. You only install one of those groups, depending on whether you want just VCL or VCL and FMX. Angus

This was reported in this forum on 21st October and an illegal date of zero no longer raises an exception in V8.63 which will be released real soon, but can be downloaded now from SVN or the overnight zip. But functionally your application will not behave differently, the conversion function simply returns zero rather the exception setting zero, so will not explain your other issues. Are you using TSslHttpRest yet, it has cookie handling built-in. Angus

So you have built and installed all the component packages with 64-bit targets? And only have the 64-bit library paths for your application? The install group project for each compiler has a Build Group pane that builds for 32 and 64-bit platforms automatically. Your screen shot above should show Release/Win64 and Release/Win32 paths so you have done something unusual. Having said that, when doing releases I only build for the D2007 and latest compilers, not the dozens of others, some no longer have licenses available... But they built when last the latest and have all the new units since. Angus

Bad URL, nothing more that can said. If you want real help, you need to give us real data. Angus

Which must be the result of code you have not shown, you need to use the debugger. You should build the OverbyteIcsHttpRestTst.dpr sample and try your URL using the GUI first. Angus

One possible reason is HTTP 1.0 does not support Keep-Alive, it should be 1.1. You are also setting a POST content type but using GET. That component added httpAuthBearer 18 months ago so you are probably using an old version. You would be better using the newer TSslHttpRest component that is much easier to use than THttpCli and has a new demo OverbyteIcsHttpRestTst.dpr designed for OAuth2. REST and Json. Angus

The FTPMulti component only use sync commands. Sure it will work with extra code to set the correct directory, but that code will be called anyway including creating directories if they don';t exist, with the correct parameters. Try the sample. Angus

Just tested 'Single FTP' upload using the ICS File Transfer Demo and it seems to work correctly. You should not need to set any component properties for paths, FtpUpOneFile uses the remote path specified there and correctly changes to the specified directory: > PWD < 257 "/" is current directory. > CWD /logs/testing/ < 250 CWD command successful. "/logs/testing" is current directory. > PWD < 257 "/logs/testing" is current directory. Uploading File, C:\tempfiles\regnam20.zip to /logs/testing/regnam20.zip, size 238 Kbytes Angus

If you want to do some ICS stress testing, you can use my ComCap5 and ComGen5 tools, the former is a general purpose data capture tool, the latter generates streams of TCP or UDP data to test the former. I tested ComGen5 creating 2,000 sessions to ComCap5, with 100 new connections per second (which is configurable) with ComCap5 saving data from all the connections into the same log file. Both tools use a single thread for all the connections. ComGen5 uses an array of TIcsIpStrmLog components to make the TCP client connections to TWSocketServer in ComCap5. SSL slows down the number of new connections per second, with about 300 out of 2,000 failing first time, but TIcsIpStrmLog retries failed connections so the session start on the next attempt. Angus

Yes, TWSocketServer has been tested with hundreds of clients, the main limit is how many new clients can connect each second, particularly with SSL which has a high connection overhead. Once connected, lots of large files can be download in parallel. But blocking the server with SQL requests, SHA1 sums, etc, will stop new connections, file I/O, etc, The ICS FTP server uses a thread for such operations. The ICS web and FTP servers are good examples, although quite complicated. Angus

I've not used FtpUpOneFile myself for many years, it was written for another client and worked in their circumstance, need to test it. Angus

There are new versions of the FTP client and server in SVN and the overnight zip, fixing the FTP server options being ignored and improving passive mode on the client. I've added logging for both client and server IPv4 passive mode to log various IP addresses before the data connection is opened, to make it easier to debug why a connection fails. The FTP client also has a new Option ftpFixPasvLanIP for when '227 Entering Passive Mode ()' returns a LAN IP instead of a WAN IP, so use control IP instead. This fixes failed downloads if the FTP server is behind a NAT router and is not configured to present the external IP. An example log is: > PASV < 227 Entering Passive Mode (192,168,1,161,82,10). ! Passive connection requested to: 192.168.1.161:21002, control channel: 217.146.115.83 ! Suspicious LAN IP changed to control channel address > LIST < 150 Opening data connection for directory list. www3.magsys.co.uk SSL Connected OK with TLSv1.2 < 226 File sent ok Note this example won't work now, I had to misconfigure the server to return the local IP address. Angus

Your three Xfer fixes are now in SVN and the overnight zip. Angus

The FTP server Options ftpsNoPasIpAddrInLAN and ftpsNoPasvIpAddrSameSubnetoptions were broken because the remote client IP was always returned as 0.0.0.0, now fixed, will be in SVN next week with other FTP changes. Angus

Sorry, I don't do C++ Builder, it needs peer support from other users. Angus

No, it gets an A rating and supports TLS/1,2 so should work with ICS. The OverbyteIcsHttpRestTst sample connects fine from here: www.kcsoftwares.com SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key auth RSA, key exchange ECDH, encryption AESGCM(128), message auth AEAD Angus